Python Qdb Exemples, flareqdb.Qdb Python Exemples

Exemple #1

0

Afficher le fichier

Fichier : deDOSfuscator.py Projet : IMULMUL/flare-qdb

def runWith_fDumpParse(offset):
    ep = pefile.PE(g_cmd_cmdline[g_arch]).OPTIONAL_HEADER.AddressOfEntryPoint
    q = flareqdb.Qdb()

    print('Running cmd.exe with fDumpParse enabled')
    q.add_query('cmd+0x%x' % (ep), "eb('%s', 1)" % (offset))
    q.run(g_cmd_cmdline[g_arch])

Exemple #2

0

Afficher le fichier

Fichier : deDOSfuscator.py Projet : waterbolik/flare-qdb

def runHookedCmd(offset, logdir, nerf=False):
    global g_logfile
    global g_nerf

    g_nerf = nerf
    if logdir:
        i = 0
        while os.path.exists(fmt_logfile_name(logdir, i)):
            i += 1

        g_logfile = fmt_logfile_name(logdir, i)

    logging.basicConfig(filename=g_logfile, level=logging.INFO)

    q = flareqdb.Qdb()

    print('Running hooked cmd.exe, logging to %s' % (g_logfile))
    q.add_query(offset, g_dump_cmd_cb[g_arch])
    q.run(g_cmd_cmdline[g_arch])

Exemple #3

0

Afficher le fichier

Fichier : deDOSfuscator.py Projet : IMULMUL/flare-qdb

def runHookedCmd(offset, logdir, nerf=False):
    global g_logfile
    global g_nerf

    g_nerf = nerf
    if logdir:
        i = 0
        while os.path.exists(fmt_logfile_name(logdir, i)):
            i += 1

        g_logfile = fmt_logfile_name(logdir, i)

    # Remove all handlers associated with the root logger object
    for handler in logging.root.handlers[:]:
        logging.root.removeHandler(handler)

    logging.basicConfig(filename=g_logfile, level=logging.INFO)

    q = flareqdb.Qdb()

    print('Running hooked cmd.exe, logging to %s' % (g_logfile))
    q.add_query(offset, g_dump_cmd_cb[g_arch])
    q.run(g_cmd_cmdline[g_arch])

Exemple #4

0

Afficher le fichier

    #hexdump(q.db(bytecode_base + PC + 2))
    pass


def PMOVQResultHandler(p, q, trace, **kwargs):
    #q -> debugger
    #q = fqd.Qdb(q)
    addr = bytecode_base + DQs_offset + p['result']
    DQ = q.db(addr, 32)
    print "[800:{0:X}]:".format(p['result'])
    hexdump(DQ, 16, addr)
    print "=" * 47
    pass


dbg = fqd.Qdb()

for Opcode in ThreeAFOpcodes:
    Handler = opcodes_handlers[Opcode]
    dbg.add_query(Handler[0], ThreeAFOpcodeOperandsHandler)
    dbg.add_query(Handler[1], ThreeAFOpcodeResultHandler)
dbg.add_query(opcodes_handlers[0x11][0],
              PMOVQOperandsHandler)  #0x11: "pmovq_dq"
dbg.add_query(opcodes_handlers[0x11][1], PMOVQResultHandler)  #0x11: "pmovq_dq"
dbg.add_query(opcodes_handlers[0x12][0],
              PSHIFTDOperandsHandler)  #0x12: "pshrd_dq"
dbg.add_query(opcodes_handlers[0x12][1],
              PSHIFTDResultHandler)  #0x12: "pshrd_dq"
dbg.add_query(opcodes_handlers[0x13][0],
              PSHIFTDOperandsHandler)  #0x13: "pshl_dq"
dbg.add_query(opcodes_handlers[0x13][1],